
Source code changes of the file "include/tests_kernel" between
lynis-3.0.1.tar.gz and lynis-3.0.2.tar.gz

About: Lynis is a security and system auditing tool.

tests_kernel  (lynis-3.0.1):tests_kernel  (lynis-3.0.2)
skipping to change at line 25 skipping to change at line 25
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License. # welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software. # See LICENSE file for usage of this software.
# #
################################################################################ # ################################################################################ #
# #
# Kernel # Kernel
# #
################################################################################ # ################################################################################ #
# #
InsertSection "Kernel" InsertSection "${SECTION_KERNEL}"
# #
################################################################################ # ################################################################################ #
# #
CPU_PAE=0 CPU_PAE=0
CPU_NX=0 CPU_NX=0
LINUXCONFIGFILE="" LINUXCONFIGFILE=""
LINUXCONFIGFILE_ZIPPED=0 LINUXCONFIGFILE_ZIPPED=0
LIMITS_DIRECTORY="${ROOTDIR}etc/security/limits.d" LIMITS_DIRECTORY="${ROOTDIR}etc/security/limits.d"
APT_ARCHIVE_DIRECTORY="${ROOTDIR}var/cache/apt/archives" APT_ARCHIVE_DIRECTORY="${ROOTDIR}var/cache/apt/archives"
# #
skipping to change at line 488 skipping to change at line 488
Display --indent 4 --text "- configuration in systemd conf files " --result "${STATUS_DISABLED}" --color "${TMP_COLOR}" Display --indent 4 --text "- configuration in systemd conf files " --result "${STATUS_DISABLED}" --color "${TMP_COLOR}"
elif [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_DISABLED} -ge 1 ] && [ ${SYS D_CORED_BASE_STORAGE_NR_DISABLED} -ge 1 ] && ( [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR _ENABLED} -ge 1 ] || [ ${SYSD_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ); then elif [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_DISABLED} -ge 1 ] && [ ${SYS D_CORED_BASE_STORAGE_NR_DISABLED} -ge 1 ] && ( [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR _ENABLED} -ge 1 ] || [ ${SYSD_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ); then
LogText "Result: 'ProcessSizeMax=0' and 'Storage=none' are set i n ${ROOTDIR}etc/systemd/coredump.conf but overwritten in subdir config files" LogText "Result: 'ProcessSizeMax=0' and 'Storage=none' are set i n ${ROOTDIR}etc/systemd/coredump.conf but overwritten in subdir config files"
ReportSuggestion "${TEST_NO}" "Check systemd configuration for o verwriting core dump settings" ReportSuggestion "${TEST_NO}" "Check systemd configuration for o verwriting core dump settings"
Display --indent 4 --text "- configuration in systemd conf files " --result "${STATUS_ENABLED}" --color YELLOW Display --indent 4 --text "- configuration in systemd conf files " --result "${STATUS_ENABLED}" --color YELLOW
AddHP 0 1 AddHP 0 1
elif ( [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SY SD_CORED_BASE_STORAGE_NR_ENABLED} -ge 1 ] ) || \ elif ( [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SY SD_CORED_BASE_STORAGE_NR_ENABLED} -ge 1 ] ) || \
( [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SY SD_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ) || \ ( [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SY SD_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ) || \
( [ ${SYSD_CORED_BASE_STORAGE_NR_ENABLED} -ge 1 ] && [ ${SYSD_C ORED_SUB_PROCSIZEMAX_NR_ENABLED} -ge 1 ] ) || \ ( [ ${SYSD_CORED_BASE_STORAGE_NR_ENABLED} -ge 1 ] && [ ${SYSD_C ORED_SUB_PROCSIZEMAX_NR_ENABLED} -ge 1 ] ) || \
( [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SYS D_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ); then ( [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SYS D_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ); then
LogText "Result: core dumps are explicitely enabled in systemd c onfiguration files" LogText "Result: core dumps are explicitly enabled in systemd co nfiguration files"
ReportSuggestion "${TEST_NO}" "If not required, consider explici t disabling of core dump in ${ROOTDIR}etc/systemd/coredump.conf ('ProcessSizeMax =0', 'Storage=none')" ReportSuggestion "${TEST_NO}" "If not required, consider explici t disabling of core dump in ${ROOTDIR}etc/systemd/coredump.conf ('ProcessSizeMax =0', 'Storage=none')"
Display --indent 4 --text "- configuration in systemd conf files " --result "${STATUS_ENABLED}" --color RED Display --indent 4 --text "- configuration in systemd conf files " --result "${STATUS_ENABLED}" --color RED
AddHP 0 1 AddHP 0 1
else else
LogText "Result: core dumps are not disabled in systemd configur ation. Didn't find settings 'ProcessSizeMax=0' and 'Storage=none'" LogText "Result: core dumps are not disabled in systemd configur ation. Didn't find settings 'ProcessSizeMax=0' and 'Storage=none'"
Display --indent 4 --text "- configuration in systemd conf files " --result "DEFAULT" --color WHITE Display --indent 4 --text "- configuration in systemd conf files " --result "${STATUS_DEFAULT}" --color WHITE
AddHP 0 1 AddHP 0 1
fi fi
fi fi
# Profile option # Profile option
LogText "Test: Checking presence ${ROOTDIR}etc/profile" LogText "Test: Checking presence ${ROOTDIR}etc/profile"
if [ -f "${ROOTDIR}etc/profile" ]; then if [ -f "${ROOTDIR}etc/profile" ]; then
LogText "Test: Checking if 'ulimit -c 0' exists in ${ROOTDIR}etc/pro file or ${ROOTDIR}etc/profile.d/*.sh" LogText "Test: Checking if 'ulimit -c 0' exists in ${ROOTDIR}etc/pro file or ${ROOTDIR}etc/profile.d/*.sh"
# use tail -1 in the following commands to get the last entry, which is the one that counts (in case of profile.d/ probably counts) # use tail -1 in the following commands to get the last entry, which is the one that counts (in case of profile.d/ probably counts)
ULIMIT_C_VALUE="$(${GREPBINARY} "ulimit -c " ${ROOTDIR}etc/profile 2 > /dev/null | ${SEDBINARY} 's/^ *//g' | ${GREPBINARY} -v "^#" | ${TAILBINARY} -1 | ${CUTBINARY} -d' ' -f3 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g')" ULIMIT_C_VALUE="$(${GREPBINARY} "ulimit -c " ${ROOTDIR}etc/profile 2 > /dev/null | ${SEDBINARY} 's/^ *//g' | ${GREPBINARY} -v "^#" | ${TAILBINARY} -1 | ${CUTBINARY} -d' ' -f3 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g')"
ULIMIT_C_VALUE_SUB="$(${FINDBINARY} ${ROOTDIR}etc/profile.d -name "* .sh" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} "ulimit -c " | ${SEDBINARY} 's/^ *//g' | ${GREPBINARY} -v "^#" | ${TAILBINARY} -1 | ${CUTBIN ARY} -d' ' -f3 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g')" ULIMIT_C_VALUE_SUB="$(${FINDBINARY} ${ROOTDIR}etc/profile.d -name "* .sh" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} "ulimit -c " | ${SEDBINARY} 's/^ *//g' | ${GREPBINARY} -v "^#" | ${TAILBINARY} -1 | ${CUTBIN ARY} -d' ' -f3 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g')"
if ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && [ "${ULIMIT_C_VALUE_SUB}" = " 0" ] ) || ( [ -n "${ULIMIT_C_VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ "$ {ULIMIT_C_VALUE}" = "0" ] ); then if ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && [ "${ULIMIT_C_VALUE_SUB}" = " 0" ] ) || ( [ -n "${ULIMIT_C_VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ "$ {ULIMIT_C_VALUE}" = "0" ] ); then
LogText "Result: core dumps are disabled by 'ulimit -c 0' in ${R OOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh" LogText "Result: core dumps are disabled by 'ulimit -c 0' in ${R OOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh"
Display --indent 4 --text "- configuration in etc/profile" --res ult "${STATUS_DISABLED}" --color GREEN Display --indent 4 --text "- configuration in etc/profile" --res ult "${STATUS_DISABLED}" --color GREEN
AddHP 1 1 AddHP 1 1
elif [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ -z "${ULIMIT_C_VALUE}" ]; t hen elif [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ -z "${ULIMIT_C_VALUE}" ]; t hen
LogText "Result: core dumps are not disabled in ${ROOTDIR}etc/pr ofile or ${ROOTDIR}etc/profile.d/*.sh config files. Didn't find setting 'ulimit -c 0'" LogText "Result: core dumps are not disabled in ${ROOTDIR}etc/pr ofile or ${ROOTDIR}etc/profile.d/*.sh config files. Didn't find setting 'ulimit -c 0'"
Display --indent 4 --text "- configuration in etc/profile" --res ult "DEFAULT" --color WHITE Display --indent 4 --text "- configuration in etc/profile" --res ult "${STATUS_DEFAULT}" --color WHITE
AddHP 0 1 AddHP 0 1
elif ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE_SUB}" = "unlimited" ] || [ "${ULIMIT_C_VALUE_SUB}" != "0" ] ) ) || ( [ -n "${ULIMIT_C _VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE}" = "unlim ited" ] || [ "${ULIMIT_C_VALUE}" != "0" ] ) ); then elif ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE_SUB}" = "unlimited" ] || [ "${ULIMIT_C_VALUE_SUB}" != "0" ] ) ) || ( [ -n "${ULIMIT_C _VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE}" = "unlim ited" ] || [ "${ULIMIT_C_VALUE}" != "0" ] ) ); then
LogText "Result: core dumps are enabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. A value higher than 0 is configur ed for 'ulimit -c'" LogText "Result: core dumps are enabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. A value higher than 0 is configur ed for 'ulimit -c'"
Display --indent 4 --text "- configuration in etc/profile" --res ult "${STATUS_ENABLED}" --color RED Display --indent 4 --text "- configuration in etc/profile" --res ult "${STATUS_ENABLED}" --color RED
AddHP 0 1 AddHP 0 1
else else
LogText "Result: ERROR - something went wrong. Unexpected result during check of ${ROOTDIR}etc/profile and ${ROOTDIR}etc/profile.d/*.sh config f iles. Please report on Github!" LogText "Result: ERROR - something went wrong. Unexpected result during check of ${ROOTDIR}etc/profile and ${ROOTDIR}etc/profile.d/*.sh config f iles. Please report on Github!"
Display --indent 4 --text "- configuration in etc/profile" --res ult "ERROR" --color YELLOW Display --indent 4 --text "- configuration in etc/profile" --res ult "${STATUS_ERROR}" --color YELLOW
fi fi
fi fi
# Limits option # Limits option
LogText "Test: Checking presence ${ROOTDIR}etc/security/limits.conf" LogText "Test: Checking presence ${ROOTDIR}etc/security/limits.conf"
if [ -f "${ROOTDIR}etc/security/limits.conf" ]; then if [ -f "${ROOTDIR}etc/security/limits.conf" ]; then
LogText "Result: file ${ROOTDIR}etc/security/limits.conf exists" LogText "Result: file ${ROOTDIR}etc/security/limits.conf exists"
LogText "Test: Checking if core dumps are disabled in ${ROOTDIR}etc/ security/limits.conf and ${LIMITS_DIRECTORY}/*" LogText "Test: Checking if core dumps are disabled in ${ROOTDIR}etc/ security/limits.conf and ${LIMITS_DIRECTORY}/*"
# using find instead of grep -r to stay POSIX compliant. On AIX and HPUX grep -r is not available. # using find instead of grep -r to stay POSIX compliant. On AIX and HPUX grep -r is not available.
FIND1=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS _DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v " ^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { prin t "soft core disabled" } else if ($1=="*" && $2=="soft" && $3=="core" && $4!="0" ) { print "soft core enabled" } }' | ${TAILBINARY} -1) FIND1=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS _DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v " ^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { prin t "soft core disabled" } else if ($1=="*" && $2=="soft" && $3=="core" && $4!="0" ) { print "soft core enabled" } }' | ${TAILBINARY} -1)
FIND2=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS _DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v " ^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { prin t "hard core disabled" } else if ($1=="*" && $2=="hard" && $3=="core" && $4!="0" ) { print "hard core enabled" } }' | ${TAILBINARY} -1) FIND2=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS _DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v " ^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { prin t "hard core disabled" } else if ($1=="*" && $2=="hard" && $3=="core" && $4!="0" ) { print "hard core enabled" } }' | ${TAILBINARY} -1)
skipping to change at line 541 skipping to change at line 541
# When "* - core [value]" is used, then this sets both soft and core . In that case we set the values, as they the type 'hard' and 'soft' will not be present in the configuration file. # When "* - core [value]" is used, then this sets both soft and core . In that case we set the values, as they the type 'hard' and 'soft' will not be present in the configuration file.
if [ "${FIND3}" = "core dumps disabled" ]; then if [ "${FIND3}" = "core dumps disabled" ]; then
FIND1="soft core disabled" FIND1="soft core disabled"
FIND2="hard core disabled" FIND2="hard core disabled"
elif [ "${FIND3}" = "core dumps enabled" ]; then elif [ "${FIND3}" = "core dumps enabled" ]; then
FIND1="soft core enabled" FIND1="soft core enabled"
FIND2="hard core enabled" FIND2="hard core enabled"
fi fi
IS_SOFTCORE_DISABLED="$(if [ "${FIND1}" = "soft core disabled" ]; th IS_SOFTCORE_DISABLED="$(if [ "${FIND1}" = "soft core disabled" ]; th
en ${ECHOCMD} DISABLED; elif [ "${FIND1}" = "soft core enabled" ]; then ${ECHOCM en ${ECHOCMD} DISABLED; elif [ "${FIND1}" = "soft core enabled" ]; then ${ECHOCM
D} ENABLED; else ${ECHOCMD} DEFAULT; fi)" D} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)"
IS_HARDCORE_DISABLED="$(if [ "${FIND2}" = "hard core disabled" ]; th IS_HARDCORE_DISABLED="$(if [ "${FIND2}" = "hard core disabled" ]; th
en ${ECHOCMD} DISABLED; elif [ "${FIND2}" = "hard core enabled" ]; then ${ECHOCM en ${ECHOCMD} DISABLED; elif [ "${FIND2}" = "hard core enabled" ]; then ${ECHOCM
D} ENABLED; else ${ECHOCMD} DEFAULT; fi)" D} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)"
if [ "${FIND2}" = "hard core disabled" ]; then if [ "${FIND2}" = "hard core disabled" ]; then
LogText "Result: core dumps are hard disabled" LogText "Result: core dumps are hard disabled"
Display --indent 4 --text "- 'hard' configuration in security/li mits.conf" --result "${IS_HARDCORE_DISABLED}" --color "GREEN" Display --indent 4 --text "- 'hard' configuration in security/li mits.conf" --result "${IS_HARDCORE_DISABLED}" --color "GREEN"
if [ "${FIND1}" = "soft core disabled" ]; then if [ "${FIND1}" = "soft core disabled" ]; then
Display --indent 4 --text "- 'soft' configuration in securit y/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" Display --indent 4 --text "- 'soft' configuration in securit y/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN"
else else
Display --indent 4 --text "- 'soft' config in security/limit s.conf (implicit)" --result "${STATUS_DISABLED}" --color "GREEN" Display --indent 4 --text "- 'soft' config in security/limit s.conf (implicit)" --result "${STATUS_DISABLED}" --color "GREEN"
fi fi
AddHP 3 3 AddHP 3 3
skipping to change at line 590 skipping to change at line 590
# Sysctl option # Sysctl option
LogText "Test: Checking sysctl value of fs.suid_dumpable" LogText "Test: Checking sysctl value of fs.suid_dumpable"
FIND=$(${SYSCTLBINARY} fs.suid_dumpable 2> /dev/null | ${AWKBINARY} '{ i f ($1=="fs.suid_dumpable") { print $3 } }') FIND=$(${SYSCTLBINARY} fs.suid_dumpable 2> /dev/null | ${AWKBINARY} '{ i f ($1=="fs.suid_dumpable") { print $3 } }')
if [ -z "${FIND}" ]; then if [ -z "${FIND}" ]; then
LogText "Result: sysctl key fs.suid_dumpable not found" LogText "Result: sysctl key fs.suid_dumpable not found"
else else
LogText "Result: value ${FIND} found" LogText "Result: value ${FIND} found"
fi fi
if [ "${FIND}" = "2" ]; then if [ "${FIND}" = "2" ]; then
LogText "Result: programs can dump core dump, but only readable by r oot (value 2, for debugging with file protection)" LogText "Result: programs can dump core dump, but only readable by r oot (value 2, for debugging with file protection)"
Display --indent 4 --text "- Checking setuid core dumps configuratio n" --result PROTECTED --color WHITE Display --indent 4 --text "- Checking setuid core dumps configuratio n" --result "${STATUS_PROTECTED}" --color WHITE
AddHP 1 1 AddHP 1 1
elif [ "${FIND}" = "1" ]; then elif [ "${FIND}" = "1" ]; then
LogText "Result: all programs can perform core dumps (value 1, for d ebugging)" LogText "Result: all programs can perform core dumps (value 1, for d ebugging)"
Display --indent 2 --text "- Checking setuid core dumps configuratio n" --result DEBUG --color YELLOW Display --indent 2 --text "- Checking setuid core dumps configuratio n" --result "${STATUS_DEBUG}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Determine if all binaries need to be able to core dump" ReportSuggestion "${TEST_NO}" "Determine if all binaries need to be able to core dump"
AddHP 0 1 AddHP 0 1
else else
# 0 - (default) - traditional behaviour. Any process which has chang ed privilege levels or is execute only will not be dumped # 0 - (default) - traditional behaviour. Any process which has chang ed privilege levels or is execute only will not be dumped
# https://www.kernel.org/doc/Documentation/sysctl/fs.txt # https://www.kernel.org/doc/Documentation/sysctl/fs.txt
LogText "Result: found default option (0), no execute only program o r program with changed privilege levels can dump" LogText "Result: found default option (0), no execute only program o r program with changed privilege levels can dump"
Display --indent 4 --text "- Checking setuid core dumps configuratio n" --result DISABLED --color GREEN Display --indent 4 --text "- Checking setuid core dumps configuratio n" --result "${STATUS_DISABLED}" --color GREEN
AddHP 1 1 AddHP 1 1
fi fi
fi fi
# #
################################################################################ # ################################################################################ #
# #
# Test : KRNL-5830 # Test : KRNL-5830
# Description : Check if system needs a reboot (Linux only) # Description : Check if system needs a reboot (Linux only)
Register --test-no KRNL-5830 --os Linux --weight L --network NO --category s ecurity --description "Checking if system is running on the latest installed ker nel" Register --test-no KRNL-5830 --os Linux --weight L --network NO --category s ecurity --description "Checking if system is running on the latest installed ker nel"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
skipping to change at line 667 skipping to change at line 667
else else
ReportException "${TEST_NO}:1" "Can't determine kernel v ersion on disk, need debug data" ReportException "${TEST_NO}:1" "Can't determine kernel v ersion on disk, need debug data"
fi fi
elif [ -f ${ROOTDIR}boot/vmlinuz-linux ] || [ -f ${ROOTDIR}boot/ vmlinuz-linux-lts ] || [ -f "$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* 2> /dev/n ull | ${HEADBINARY} -1)" ]; then elif [ -f ${ROOTDIR}boot/vmlinuz-linux ] || [ -f ${ROOTDIR}boot/ vmlinuz-linux-lts ] || [ -f "$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* 2> /dev/n ull | ${HEADBINARY} -1)" ]; then
if [ -f ${ROOTDIR}boot/vmlinuz-linux ]; then if [ -f ${ROOTDIR}boot/vmlinuz-linux ]; then
LogText "Result: found ${ROOTDIR}boot/vmlinuz-linux" LogText "Result: found ${ROOTDIR}boot/vmlinuz-linux"
FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-linux FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-linux
elif [ -f ${ROOTDIR}boot/vmlinuz-linux-lts ]; then elif [ -f ${ROOTDIR}boot/vmlinuz-linux-lts ]; then
LogText "Result: found ${ROOTDIR}boot/vmlinuz-linux-lts" LogText "Result: found ${ROOTDIR}boot/vmlinuz-linux-lts"
FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-linux-lts FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-linux-lts
elif [ -f ${ROOTDIR}boot/vmlinuz-lts ]; then
LogText "Result: found ${ROOTDIR}boot/vmlinuz-lts"
FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-lts
else else
# Match on /boot/vm5.3.7 or /boot/vmlinuz-5.3.7-1-defaul # Match on items like /boot/vm5.3.7 or /boot/vmlinuz-5.3
t .7-1-default. Get newest file (ls -t and pipe into head)
FOUND_VMLINUZ=$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* # Note: ignore a rescue kernel (e.g. CentOS)
2> /dev/null | ${HEADBINARY} -1) FOUND_VMLINUZ=$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]*
2> /dev/null | ${GREPBINARY} -v '\-rescue\-' | ${HEADBINARY} -1)
LogText "Result: found ${FOUND_VMLINUZ}" LogText "Result: found ${FOUND_VMLINUZ}"
fi fi
VERSION_ON_DISK="" VERSION_ON_DISK=""
if [ -L "${FOUND_VMLINUZ}" ]; then if [ -L "${FOUND_VMLINUZ}" ]; then
LogText "Result: found a symlink, retrieving destination " LogText "Result: found a symlink, retrieving destination "
FOUND_VMLINUZ=$(readlink "${FOUND_VMLINUZ}") FOUND_VMLINUZ=$(readlink "${FOUND_VMLINUZ}")
LogText "Result: destination file is ${FOUND_VMLINUZ}" LogText "Result: destination file is ${FOUND_VMLINUZ}"
VERSION_ON_DISK=$(echo ${FOUND_VMLINUZ} | ${SEDBINARY} ' s#^/boot/##' | ${SEDBINARY} 's/^vmlinuz-//') VERSION_ON_DISK=$(echo ${FOUND_VMLINUZ} | ${SEDBINARY} ' s#^/boot/##' | ${SEDBINARY} 's/^vmlinuz-//')
LogText "Result: version derived from file name is '${VE RSION_ON_DISK}'" LogText "Result: version derived from file name is '${VE RSION_ON_DISK}'"
elif [ -f "${FOUND_VMLINUZ}" ]; then elif [ -f "${FOUND_VMLINUZ}" ]; then
VERSION_ON_DISK=$(echo ${FOUND_VMLINUZ} | ${SEDBINARY} ' s#^/boot/##' | ${SEDBINARY} 's/^vmlinuz-//') VERSION_ON_DISK=$(echo ${FOUND_VMLINUZ} | ${SEDBINARY} ' s#^/boot/##' | ${SEDBINARY} 's/^vmlinuz-//' | ${SEDBINARY} '$s/-\?\(linux\)\?-\? \(lts\)\?//')
LogText "Result: version derived from file name is '${VE RSION_ON_DISK}'" LogText "Result: version derived from file name is '${VE RSION_ON_DISK}'"
fi fi
# Data check: perform reset if we found a version but looks
incomplete
# Example: Arch Linux will return only 'linux' as its versio
n after it discovered /boot/vmlinuz-linux
case ${VERSION_ON_DISK} in
"linux" | "linux-lts")
LogText "Result: reset of version (${VERSION_ON_DISK
}) as it looks incomplete"
VERSION_ON_DISK=""
;;
esac
# If we did not find the version yet, see if we can extract
it from the magic data that 'file' returns
if [ -z "${VERSION_ON_DISK}" ]; then if [ -z "${VERSION_ON_DISK}" ]; then
LogText "Test: checking kernel version on disk" LogText "Test: checking kernel version on disk"
NEXTLINE=0 NEXTLINE=0
VERSION_ON_DISK="" VERSION_ON_DISK=""
for I in $(file ${FOUND_VMLINUZ}); do for I in $(file ${FOUND_VMLINUZ}); do
if [ ${NEXTLINE} -eq 1 ]; then if [ ${NEXTLINE} -eq 1 ]; then
VERSION_ON_DISK="${I}" VERSION_ON_DISK="${I}"
break break
else else
# Searching for the Linux kernel after the keywo rd 'version' # Searching for the Linux kernel after the keywo rd 'version'
if [ "${I}" = "version" ]; then NEXTLINE=1; fi if [ "${I}" = "version" ]; then NEXTLINE=1; fi
fi fi
done done
fi fi
# Last check if we finally got a version or not
if [ -z "${VERSION_ON_DISK}" ]; then if [ -z "${VERSION_ON_DISK}" ]; then
LogText "Result: could not find the version on disk" LogText "Result: could not find the version on disk"
ReportException "${TEST_NO}:4" "Could not find the kerne l version" ReportException "${TEST_NO}:4" "Could not find the kerne l version"
else else
LogText "Result: found version ${VERSION_ON_DISK}" LogText "Result: found version ${VERSION_ON_DISK}"
ACTIVE_KERNEL=$(uname -r) ACTIVE_KERNEL=$(uname -r)
LogText "Result: active kernel version ${ACTIVE_KERNEL}" LogText "Result: active kernel version ${ACTIVE_KERNEL}"
if [ "${VERSION_ON_DISK}" = "${ACTIVE_KERNEL}" ]; then if [ "${VERSION_ON_DISK}" = "${ACTIVE_KERNEL}" ]; then
REBOOT_NEEDED=0 REBOOT_NEEDED=0
LogText "Result: no reboot needed, active kernel is the same version as the one on disk" LogText "Result: no reboot needed, active kernel is the same version as the one on disk"
skipping to change at line 783 skipping to change at line 799
else else
LogText "Result: Skipping this test, as there are no files in /b oot" LogText "Result: Skipping this test, as there are no files in /b oot"
fi fi
else else
LogText "Result: /boot does not exist or not privileged to read file s" LogText "Result: /boot does not exist or not privileged to read file s"
fi fi
# Attempt to check for Raspbian if reboot is needed # Attempt to check for Raspbian if reboot is needed
# This check searches for apt package "raspberrypi-kernel-[package-date] ", trys to extract the date of packaging from the filename # This check searches for apt package "raspberrypi-kernel-[package-date] ", trys to extract the date of packaging from the filename
# and compares that date with the currently running kernel's build date (uname -v). # and compares that date with the currently running kernel's build date (uname -v).
# Of course there can be a time difference between kernel build and kern el packaging, therefor a time difference of # Of course there can be a time difference between kernel build and kern el packaging, therefore a time difference of
# 3 days is accepted and it is assumed with only 3 days apart, this must be the same kernel version. # 3 days is accepted and it is assumed with only 3 days apart, this must be the same kernel version.
if [ ${REBOOT_NEEDED} -eq 2 ] && [ -d "${APT_ARCHIVE_DIRECTORY}" ]; then if [ ${REBOOT_NEEDED} -eq 2 ] && [ -d "${APT_ARCHIVE_DIRECTORY}" ]; then
LogText "Result: found folder ${APT_ARCHIVE_DIRECTORY}; assuming thi s is a debian based distribution" LogText "Result: found folder ${APT_ARCHIVE_DIRECTORY}; assuming thi s is a debian based distribution"
LogText "Check: try to find raspberrypi-kernel file in ${APT_ARCHIVE _DIRECTORY} and extract package date from file name" LogText "Check: try to find raspberrypi-kernel file in ${APT_ARCHIVE _DIRECTORY} and extract package date from file name"
FOUND_KERNEL_DATE=$(${FINDBINARY} ${APT_ARCHIVE_DIRECTORY} -name "ra spberrypi-kernel*" -printf "%T@ %Tc %p\n" 2> /dev/null \ FOUND_KERNEL_DATE=$(${FINDBINARY} ${APT_ARCHIVE_DIRECTORY} -name "ra spberrypi-kernel*" -printf "%T@ %Tc %p\n" 2> /dev/null \
| ${SORTBINARY} -nr | ${HEADBINARY} -1 | ${GREPBINARY} -o "raspberry pi-kernel.*deb" | ${EGREPBINARY} -o "\.[0-9]+" | ${SEDBINARY} 's/\.//g') | ${SORTBINARY} -nr | ${HEADBINARY} -1 | ${GREPBINARY} -o "raspberry pi-kernel.*deb" | ${EGREPBINARY} -o "\.[0-9]+" | ${SEDBINARY} 's/\.//g')
if [ -n "${FOUND_KERNEL_DATE}" ]; then if [ -n "${FOUND_KERNEL_DATE}" ]; then
FOUND_KERNEL_IN_SECONDS=$(date -d "${FOUND_KERNEL_DATE}" "+%s" 2 > /dev/null) FOUND_KERNEL_IN_SECONDS=$(date -d "${FOUND_KERNEL_DATE}" "+%s" 2 > /dev/null)
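Review bot: In the change block at line 667, the incomplete-version reset `case ${VERSION_ON_DISK} in "linux" | "linux-lts")` does not cover `lts`, although the same change adds a `${ROOTDIR}boot/vmlinuz-lts` branch. The new sed clean-up that would strip it runs only on the regular-file path; the symlink path still derives the version with the two older sed calls, so a link target named `vmlinuz-lts` would leave VERSION_ON_DISK as `lts` and skip the `file` fallback. That value is then compared with `uname -r`, which presumably yields a misleading reboot result (the mismatch branch and the start of the enclosing if/elif chain are outside the visible lines). I would extend the pattern to `"linux" | "linux-lts" | "lts")`. Separately, `${GREPBINARY} -v '\-rescue\-'` relies on an escape that POSIX leaves undefined in a basic regular expression and that recent GNU grep warns about; `${GREPBINARY} -v -e '-rescue-'` matches the same names without it.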
 End of changes. 16 change blocks. 
20 lines changed or deleted 40 lines changed or added
